No more OTP frauds? India’s home ministry, SBI Cards and Payment Services Ltd (SBI Card), and telecom operators are collaborating to create a solution that will alert customers about stolen one-time passwords (OTPs) as part of a larger initiative to address the increasing risk of cyber fraud and phishing attacks on the banking system.
Read More: Ordering From Zomato? Check Platform Fee; Company Stock Soars After GST Penalty
According to two individuals familiar with the matter, the government is evaluating a solution that will enable banks to monitor a customer’s registered address and the geolocation where an OTP is being delivered. If there is a discrepancy between the two locations, the customer can be notified of a potential phishing attempt, said an ET report. The solution is currently in the testing phase, and the goal is to use the telecom database to track the customer’s geolocation and ensure that the OTP is being sent to the correct location.
The Reserve Bank of India had advocated for an additional factor of authentication for any digital payment transaction primarily to prevent fraud. However, over time, fraudsters have developed sophisticated capabilities to either steal OTPs by deceiving unsuspecting bank customers or redirect OTPs to their own devices through fraudulent means, rendering the second factor of authentication ineffective in combating cybercrime.
Read More: YES Bank, ICICI Bank to change service charges on savings accounts from May 1: Details
If there is a problem with the OTP delivery location, two steps can be taken: either an alert can be displayed on the device, or the OTP can be blocked entirely. While the specifics of the solution are still being developed with telecom companies, a customer’s SIM location can be verified in real-time and compared to the geolocation of OTP delivery. Banks also have their own data on customers’ residences, so capabilities will need to be developed to triangulate the data in real-time.
“For instance, the customer lives in Bengaluru and the OTP is getting delivered in some place in Uttar Pradesh where the person has never been or from where the person has not made any calls recently, which means he or she is not traveling to that place; this is a typical red flag scenario,” a banker said.
According to the Indian Cyber Crime Coordination Centre (i4C), cyber criminals siphoned off as much as Rs 10,319 crore between April 2021 and December 2023. The majority of the crimes originated in China, Cambodia, and Myanmar and involved non-state actors.
Read More: Bank Holiday on Hanuman Jayanti April 23: Are banks closed today in your city? Details
Under i4C, the government established the ‘Citizen Financial Cyber Fraud Reporting and Management System’, which has prevented approximately Rs 1,200 crore in fraudulent transfers from more than 470,000 citizen complaints received until February 2024. In the calendar year 2023, the registry received 1.12 million complaints totaling Rs 7,488 crore in fraudulent transfers.